I have a Cisco-ASA5505 firewall setup to send Netflow data to a Netflow v9 sensor on my monitoring workstation. This is working correctly (I am getting sensor data) but I only want to see stats on the packets arriving on/leaving my "outside" interface. My Cisco box litterally calls the interface between it and my ISP the "outside" interface and I have it configured as VLAN2.
Below are the include filters I tried to use in the sensor's "Settings" tab none of them worked. I.e. I stopped seeing data after defining the filter. Once I removed the filter data started appearing again. What is the correct syntax for using the "Interface" and "VLAN" filter fileds? Or perhaps I should be using a different filter field?
Filter used:
Interface[outside] VLAN[2]
Please note that I do not want to configure my ASA to restrict the netflow stats to a particular interface because I want the ability to inspect inside interface (LAN) traffic on a different probe.
Thanks
Add comment